Chapter 7. Reality and Risks to IT Controls Being Effective
It is of the highest degree of necessity that the Auditor, before commencing the investigation...should thoroughly acquaint himself with the general system upon which the books have been kept....Having thoroughly made himself the master of the system, the Auditor should look for its weakest points. [emphasis added]
A great debate has occurred over the past century in the audit and assurance profession with regard to the significance and importance of internal controls and their numerous interpretations. Guidance relating to internal controls has been put forth by the accounting/audit professions for over a century. Beyond guidance, governments around the world, their regulatory branches, public and private companies, and industry-watch groups have established mandates supported by routine testing and financial penalties. The quote just cited was published in 1892, and its points are still salient in the current information technology economy. It has long been realized that without proper oversight, the systems designed to protect an organization and owners could become susceptible to error and fraud.
According to a banker quoted in 1956:
Today it's gotten to a point where all employers should give careful study to internal controls, cash receipts and audit methods.
The debate over internal control requirements centered on the necessity and value provided to business functions. Throughout the past century ...